Cybersecurity insurance might be a new concept for some small and medium-sized businesses. It first appeared in the 1990s to provide insurance coverage for larger organisations, and it initially covered areas such as errors made during data processing, and online media posting.
Since then, the policies on offer have changed, and current cyber insurance policies focus more on the costs related to a data or online security breach, including remedying a malware attack or a compromised user account.
Modern cybersecurity insurance policies will address the costs associated with actions like:
- Alerting customers of a security breach
- Providing account and user identity monitoring
- Ransomware payments to illegal actors
- Recovering compromised data
- Repairing computer systems that have been damaged due to a breach
- The employment of IT forensics to investigate a breach
- The legal expenses associated with a breach
The incidence of data breaches and their associated costs both continue to rise. A new record was set in 2021 for the highest number of recorded data breaches, and from January to March 2022, the incidence of data breaches increased by 14% over the previous year.
A data breach and its detrimental impact can affect any organisation, regardless of its size. According to a recent survey, 60% of smaller businesses closed down after they were subjected to a cybersecurity incident.
Due to the increase in cyber and online dangers, and the rising costs associated with them, there have been ongoing changes to this type of insurance. The types of insurance provided are evolving, and organisations need to be aware of these changes to ensure that they are adequately protected should they fall foul of a cyberattack.
Below are some of the latest trends in cybersecurity insurance options that organisations should be aware of.
The Demand for This Type of Insurance Is Increasing
The demand for cybersecurity insurance continues to grow as data breaches and threats to online security continue to rise.
Globally, the average cost of a data breach is estimated to be US$4.35 million, and in the United States, it is more than twice that amount, at a cost of approximately US$9.44 million.
Organisations of all sizes are realising the importance of cyber insurance, and without adequate protection, a data or security breach can produce devastating impacts and consequences.
The Cost of Insurance Premiums is Increasing
The rise of online attacks has seen an associated increase in insurance payouts, which means that many insurance companies are increasing the price of their premiums to keep up. A report in 2021 showed that cyber insurance premiums had risen by 74%.
Costs associated with lawsuits, ransomware attacks, and other settlements have largely contributed to this increase, and insurance providers do not want to be making any unnecessary payments. It is for these reasons that this type of insurance is getting more expensive.
Some Types of Coverage are not Being Offered Anymore
Some types of insurance are becoming more difficult to obtain as the online threat environment evolves. As an example, some insurance companies do not offer coverage for attacks perpetrated by nation-states. As this type of attack originates from a national government or its proxies, and as some governments are known to have ties to hacking groups, an online attack that targets specific organisations may fall into this specific category.
During 2021, 79% of online attacks targeted organisations, so if your business is seeking this type of insurance cover, research the available policies carefully and thoroughly.
Another form of insurance cover that is being removed from insurance policies is cover for ransomware attacks. Between the first and second quarter of 2022 attacks delivered via ransomware increased by 24%. This has led to many insurance companies no longer being interested in providing this type of cover.
As providers remove ransomware cover from their policies, more responsibility falls on organisations to ensure that their online security practices and policies are well-planned and well-executed.
Cybersecurity Insurance is Becoming Harder to Obtain
Cybersecurity insurance is becoming harder to obtain, as providers are looking to reduce their exposure to online attacks and incidents.
When assessing an application for cybersecurity insurance, some of the relevant factors that providers may investigate include:
- Backup and recovery strategies
- Bring your own device and device security policies
- Whether any automated security processes are in place
- Network security
- Staff security training
- The level of advanced threat protection in place
- The use of MFA (multi-factor authentication) practices
- Users and their access to various systems
- What anti-phishing tactics have been implemented and employed
Organisations will need to complete a detailed questionnaire when they are applying for cybersecurity insurance, and this questionnaire will include questions about the organisation’s current cybersecurity practices and situation.
These questions take some consideration, and your IT department or consultant should be included in this process. This may prompt the implementation of new security enhancements and procedures. If appropriate steps are taken to reduce risk exposure, it may reduce the premium.
An organisation should undertake a review of its cybersecurity before applying for cyber insurance. This will save time and money while increasing the chances of the application being successful.
Do You Need Help Preparing for or Understanding Cybersecurity Policies?
The issue of cybersecurity insurance coverage can be a complex area to navigate, and if you are uninformed you may make a mistake that can ultimately be very costly and detrimental to your organisation.
If you are considering purchasing cybersecurity insurance, please contact us and we will happily provide you with a consultation and an evaluation. Aryon can help you to improve and maintain your current and future online security policies and practices.